mirror of https://github.com/ben-grande/qusal.git
synced 2024-12-24 23:19:37 -05:00
80482bfec7
In case the user configured Wireguard but there are no clients connected, network hooks are never run and no domains can be resolved from the sys-wireguard qube itself, therefore using Qrexec services to resolve DNS in sys-wireguard hooks doesn't work and depended on connected clients. If the Wireguard systemd service wasn't run, the nameserver will be empty and that is not a problem. In case the user hasn't configured the Wireguard configuration correctly, drop all connections.
- files
- clone.sls
- clone.top
- configure.sls
- configure.top
- create.sls
- create.top
- init.top
- install.sls
- install.top
- README.md
- version
sys-wireguard
Wireguard VPN in Qubes OS.
Description
Set up a Wireguard VPN qube named "sys-wireguard" to provide network access to other qubes through the VPN with a fail-closed mechanism.
Installation
- Top:
    sudo qubesctl top.enable sys-wireguard
    sudo qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply
    sudo qubesctl top.disable sys-wireguard
- State:
    sudo qubesctl state.apply sys-wireguard.create
    sudo qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
    sudo qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure
Usage
Use the VPN qube sys-wireguard to enforce incoming and outgoing connections from clients connected to the VPN with a fail safe mechanism.
To start using the VPN:
- Copy the Wireguard configuration you downloaded to sys-wireguard and place it in /home/user/wireguard.conf.
- Run from Dom0 to apply Qubes Firewall rules:
    qvm-wireguard
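A pre-flight check for the file copied in the first step, as an added example that is not part of the README or of qusal's own code. The function names are hypothetical, and the set of required keys is an assumption about what a correctly configured client file contains.

```sh
#!/bin/sh
# Added example, not qusal code: pre-flight check of a wg-quick style file.
# Assumption: "configured correctly" means [Interface] has PrivateKey and
# Address, and some [Peer] has PublicKey, Endpoint and AllowedIPs.
wg_conf_missing() {
  # Print each required "section.key" that is absent or empty in file $1.
  awk '
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*\[/ { sec = tolower($0); gsub(/[^a-z]/, "", sec); next }
    index($0, "=") == 0 { next }             # blank or not key = value
    {
      eq = index($0, "=")
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1)
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      if (val != "") seen[sec "." key] = 1
    }
    END {
      req = "interface.privatekey interface.address"
      req = req " peer.publickey peer.endpoint peer.allowedips"
      n = split(req, want, " ")
      for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i]
    }
  ' "$1"
}

wg_conf_policy() {
  # Echo "accept" only for a readable, complete file; otherwise "drop".
  if [ -f "$1" ] && [ -r "$1" ] && [ -z "$(wg_conf_missing "$1")" ]; then
    echo accept
  else
    echo drop
    return 1
  fi
}

# Constructed sample: placeholder keys, documentation-range endpoint.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER=
Address = 10.0.0.2/32
[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER=
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0
EOF
echo "sample policy: $(wg_conf_policy "$sample")"
rm -f "$sample"
```

Inside sys-wireguard, `wg_conf_missing /home/user/wireguard.conf` lists what is still absent; a missing or unreadable file is treated the same as an incomplete one.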